Since version 2.0, OAuth introduces Refresh token on top of its popular Access token. An access token contains information about the scopes or roles of a user to a certain service. Originally, issuing an access token means the issuer relinquishes control over that token – the issuer cannot revoke the token once it was given. This process arises many security holes. When a hacker successfully acquired the access token, it is equally as disastrous as when a thief has gained the entrance to your secret vault. The potential drama forces developers to limit the lifespan of access token to very short, typically from a few minutes to an hour – which reduces the usability since user has to frequently login. This is where refresh token comes in handy. Refresh token, which has a much longer lifetime – from a week to a few months, does not require user to login once access token is expired since the application will automatically requests a new access token at the issuer site. Moreover, implementing refresh token will improve the system security because the issuer, at any time, can revoke the given refresh token.
With pre 4.2 versions of Safewhere*Identify, in order to access to our Rest APIs, the client needs to gain a suitable access token. The process was sophisticated and time consuming. Admin will also need to write a web application that implements OAuth 2.0 to ask user to login, then send those requests to the token’s issuer. The problem escalates when working with Window Services that contains no user interaction as admin would, unavoidably, have to write a specific application to login just for this regard.
To eliminate the hassle, Safewhere*Identify has launched the API Keys that auto-generate tokens and only requires the Identify*Admin logon. You will no longer have to compromise between security and usability as Safewhere*Identify has it all cover for you.
“Any society that would give up a little liberty to gain a little security will deserve neither and lose both.” – Ben Franklin
How to setup to get the RefreshToken and AccessToken on UI
1. Go to the connection list on Admin, select Tools\Oauth 2.0 to create the Oauth 2.0 protocol connection at Root organization
4. Click “Test” button to create the Oauth2 access token